I have been unsuccessful in my attempt to correctly add an untrusted certificate chain to my BES so that applications which talk to the BES have a trusted SSL link. The Admin Guide is not very helpful (vague).

Specifically, our enterprise uses certs from DST, and DST certs are not loaded into the cacerts file by default (34 other certs are, however).

This certificate chain has a root, a sub-CA, a second sub-CA and the server cert.

I have tried using keytool and importing all three CA certs individually (as a .cer file) into the cacerts file and the import process does work. There are now 37 certs in the cacerts file.

What else needs to be done? Does the server certificate need to be stored somewhere else on the BES? Is there a truststore file or keystore file in addition to the cacerts file that the BES uses?

Is the cacerts file stored in memory and thus the does the BES need to be restarted for the new certs to be seen?

The error message seen on the BB is "Access denied Insecure SSL request"